github-mirrors/odc-devaudit-dotnet
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-devaudit-dotnet.git synced 2026-01-17 17:22:08 +01:00
Code Issues 1 Packages Projects Releases Wiki Activity
Files
05b1e8caa4cef866fe903fc165b4be809dad82c7
odc-devaudit-dotnet/README.md
Šesták Vít 05b1e8caa4 Initial commit
2020-01-31 15:00:44 +01:00

11 lines
884 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Adds DevAudit scan to OWASP Dependency Check. It is an ODC plugin.
The plugin relies on index provided by nuget-indexer . The index is stored in ODC vulnerability database, so there is no need for extra configuration.
Config properties:
* com.ysoft.dotnetEnhancer.enabled enables/disables the analyzers
* com.ysoft.dotnetEnhancer.vulnerabilityMode CVE_ONLY uses description from NVD and ignores vulnerabilities without CVE; CVE_PREFERRED prefers description from NVD, but allows some best-effort output if CVE is not available; PURE_DA always uses data from DevAudit.
* com.ysoft.dotnetEnhancer.devAuditPath Path to DevAudit folder. On Linux, it is expected that devaudit.exe is executable and binfmt is configured for running .NET binaries.
* com.ysoft.dotnetEnhancer.strictSearch Raises exception instead of warning if a .NET library could not be found in index.
Reference in New Issue View Git Blame Copy Permalink